Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
726
Views
5
Helpful
4
Replies

Enable ICMP response on OUTSIDE interface based on DNS in ASA

Go to solution
rmcgurn
Level 1
Level 1

‎11-20-2013 11:14 AM - edited ‎03-11-2019 08:07 PM

Hello All,

I have what I'm sure is a simple question, but is frustrating me.  I'd like to enable ICMP response on the outside interface of my ASA's to respond to ICMP traffic that is sent from a specific DNS address (an external monitoring service).  Any thoughts on how best to accomplish this?  Thanks in advance.

Issue is the routable IP will change regularly, but the DNS address will remain the same.  A pool of IPs basically.  Thanks in advance,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-21-2013 10:25 PM

Hello Ronan,

So only ICMP responsed from outside from the Domain-Name of that host

Nah, I do not see this being possible on the ASA at the moment, you will need to use the IP pool as the only method to be restrictive.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
4 Replies 4

Go to solution
jumora
Level 7
Level 7

‎11-21-2013 07:57 PM

Well ICMP is always allowed but ISP normally have what is called stick DNS, so my question would be, do you want to restric IP address from reaching the ASA via ICMP and only allow the DNS hosting site

Value our effort and rate the assistance!

Value our effort and rate the assistance!

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-21-2013 10:25 PM

Hello Ronan,

So only ICMP responsed from outside from the Domain-Name of that host

Nah, I do not see this being possible on the ASA at the moment, you will need to use the IP pool as the only method to be restrictive.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
jumora
Level 7
Level 7
In response to Julio Carvajal

‎11-22-2013 09:32 PM

Need help????

Value our effort and rate the assistance!

Value our effort and rate the assistance!
0 Helpful

Go to solution
rmcgurn
Level 1
Level 1
In response to Julio Carvajal

‎11-27-2013 11:08 AM

My sincere apologies for not replying sooner.  I've been away and unable to respond quicker.  Thank you very much for your quick answer.  Looks like IP Pool is the way to go in this case.  Once again, thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card